package uk.ac.ox.ctl.lti13.security.oauth2.client.lti.web;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.util.Assert;
import uk.ac.ox.ctl.lti13.security.oauth2.client.lti.authentication.OIDCLaunchFlowToken;
import uk.ac.ox.ctl.lti13.security.oauth2.core.endpoint.OIDCLaunchFlowExchange;
import uk.ac.ox.ctl.lti13.security.oauth2.core.endpoint.OIDCLaunchFlowResponse;

/* loaded from: input_file:uk/ac/ox/ctl/lti13/security/oauth2/client/lti/web/OAuth2LoginAuthenticationFilter.class */
public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
    private static final String CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE = "client_registration_not_found";
    private ClientRegistrationRepository clientRegistrationRepository;
    private AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;

    public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, String str) {
        super(str);
        this.authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        this.clientRegistrationRepository = clientRegistrationRepository;
    }

    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        if (!isAuthorizationResponse(httpServletRequest)) {
            OAuth2Error oAuth2Error = new OAuth2Error("invalid_request");
            throw new OAuth2AuthenticationException(oAuth2Error, oAuth2Error.toString());
        }
        OAuth2AuthorizationRequest removeAuthorizationRequest = this.authorizationRequestRepository.removeAuthorizationRequest(httpServletRequest, httpServletResponse);
        if (removeAuthorizationRequest == null) {
            OAuth2Error oAuth2Error2 = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
            throw new OAuth2AuthenticationException(oAuth2Error2, oAuth2Error2.toString());
        }
        String str = (String) removeAuthorizationRequest.getAdditionalParameters().get("registration_id");
        ClientRegistration findByRegistrationId = this.clientRegistrationRepository.findByRegistrationId(str);
        if (findByRegistrationId == null) {
            OAuth2Error oAuth2Error3 = new OAuth2Error(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE, "Client Registration not found with Id: " + str, (String) null);
            throw new OAuth2AuthenticationException(oAuth2Error3, oAuth2Error3.toString());
        }
        OIDCLaunchFlowToken oIDCLaunchFlowToken = new OIDCLaunchFlowToken(findByRegistrationId, new OIDCLaunchFlowExchange(removeAuthorizationRequest, OIDCLaunchFlowResponse.success(httpServletRequest.getParameter("id_token")).state(httpServletRequest.getParameter("state")).build()));
        oIDCLaunchFlowToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
        OIDCLaunchFlowToken authenticate = getAuthenticationManager().authenticate(oIDCLaunchFlowToken);
        return new OAuth2AuthenticationToken(authenticate.m0getPrincipal(), authenticate.getAuthorities(), authenticate.getClientRegistration().getRegistrationId());
    }

    static boolean isAuthorizationResponse(HttpServletRequest httpServletRequest) {
        return isAuthorizationResponseSuccess(httpServletRequest) || isAuthorizationResponseError(httpServletRequest);
    }

    static boolean isAuthorizationResponseSuccess(HttpServletRequest httpServletRequest) {
        return (httpServletRequest.getParameter("id_token") == null || httpServletRequest.getParameter("state") == null) ? false : true;
    }

    static boolean isAuthorizationResponseError(HttpServletRequest httpServletRequest) {
        return (httpServletRequest.getParameter("error") == null || httpServletRequest.getParameter("state") == null) ? false : true;
    }

    public final void setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository) {
        Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
        this.authorizationRequestRepository = authorizationRequestRepository;
    }
}
